Secure AI code execution platform UI. Production-grade dashboard for the SandboxVM micro-VM orchestration backend. Every run spins up an isolated Firecracker micro-VM in under 200ms, captures stdout/stderr, enforces egress policy, and self-destructs — leaving an immutable, signed audit trail. The missing security layer for Claude, GPT-4, and MCP-compatible agents.
```
sandboxvm/
├── index.html            # App shell, all HTML pages, script imports
├── css/
│   ├── main.css          # Layout: topbar, sidebar, grid, pages, responsive
│   └── components.css    # UI components: badges, tables, toggles, cards
├── js/
│   ├── state.js          # Central state store (replace with API calls in production)
│   ├── charts.js         # Chart.js: boot time histogram + language donut
│   ├── audit.js          # Audit trail table rendering + sidebar badge
│   ├── sandbox.js        # Execution lifecycle simulation (→ POST /v1/sandbox/execute)
│   ├── policy.js         # Network egress rule management
│   └── app.js            # Bootstrap, page routing (load last)
└── README.md
```
No build step required. Open directly in a browser:

```bash
open index.html
# or serve with any static file server:
npx serve .
python3 -m http.server 8080
```

| Page | Route key | Description |
|---|---|---|
| Dashboard | `dashboard` | Live metrics, execution log, boot chart, language donut |
| Execute | `execute` | Code submission UI with runtime/timeout/policy options |
| Audit | `audit` | Immutable, signed execution records (SOC 2 trail) |
| Tenants | `tenants` | Per-tenant isolation stats and provisioning |
| Policy | `policy` | Egress allowlist + security control toggles |
Replace the simulation in `js/sandbox.js` with a real API call:

```js
// In SandboxExecutor.runSandbox(), replace the setTimeout simulation with:
const response = await fetch('/v1/sandbox/execute', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    language: lang,
    code,
    timeout_ms: timeout,
    allow_network: allowNet,
    allow_fs_write: allowFs,
    tenant_id: 'your-tenant-id',
  }),
});
// fetch() only rejects on network failure, so check the HTTP status explicitly
if (!response.ok) {
  throw new Error(`Sandbox execute failed: HTTP ${response.status}`);
}
const result = await response.json();
// result: { id, exit_code, stdout, stderr, boot_ms, fs_diff, signature }
```

- No build tooling — vanilla HTML/CSS/JS, loads Chart.js from CDN
- Module pattern — each JS file exports a namespaced object (`SandboxState`, `SandboxCharts`, etc.)
- Load order — scripts load in dependency order: state → charts → audit → sandbox → policy → app
- Dark mode — full CSS variable theming, auto-detects `prefers-color-scheme`
- Responsive — sidebar collapses below 900px, grids reflow to single column
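
A hardened wrapper around the `POST /v1/sandbox/execute` call described above, as an added example that is not part of the SandboxVM code: it builds the request with deny-by-default permissions, checks the response shape, and HTML-escapes stdout/stderr before the dashboard renders them. The timeout bound, language list, field types and all helper names are assumptions; the signature is only checked for presence because the page does not state the signing scheme.

```javascript
// Added example, not SandboxVM project code. The limits, language list,
// field types and helper names below are assumptions.
const MAX_TIMEOUT_MS = 30000; // assumed upper bound
const LANGUAGES = new Set(['python', 'javascript', 'bash']); // assumed list

// Build the request body with deny-by-default permissions.
function buildExecuteRequest({ language, code, timeout, allowNet, allowFs, tenantId }) {
  if (!LANGUAGES.has(language)) throw new Error(`unsupported language: ${language}`);
  if (typeof code !== 'string' || code.length === 0) throw new Error('code must be a non-empty string');
  const t = Number(timeout);
  if (!Number.isInteger(t) || t <= 0 || t > MAX_TIMEOUT_MS) throw new Error('timeout out of range');
  return {
    language, code, timeout_ms: t,
    allow_network: allowNet === true, // anything but literal true is a deny
    allow_fs_write: allowFs === true,
    tenant_id: String(tenantId),
  };
}

// Sandbox output comes from untrusted code: escape it before it reaches the DOM.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}

// Check the response fields the README lists and return render-safe output.
function parseExecuteResult(r) {
  if (r === null || typeof r !== 'object') throw new Error('result is not an object');
  if (typeof r.id !== 'string' || !Number.isInteger(r.exit_code)) throw new Error('malformed result');
  // Presence check only; verifying the signature needs the backend's scheme.
  if (typeof r.signature !== 'string' || r.signature.length === 0) throw new Error('unsigned result');
  return { id: r.id, exitCode: r.exit_code, signature: r.signature,
           stdoutHtml: escapeHtml(r.stdout ?? ''), stderrHtml: escapeHtml(r.stderr ?? '') };
}

// fetchImpl is injectable so the wrapper can be exercised without a backend.
async function executeInSandbox(opts, fetchImpl = fetch) {
  const response = await fetchImpl('/v1/sandbox/execute', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(buildExecuteRequest(opts)),
  });
  if (!response.ok) throw new Error(`execute failed: HTTP ${response.status}`);
  return parseExecuteResult(await response.json());
}
```

Prefer writing output with `textContent` where possible; the escaped strings are for places where the UI has to build HTML.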
```
POST   /v1/sandbox/execute          Run code in isolated micro-VM
GET    /v1/sandbox/:id              Fetch execution record
GET    /v1/audit?tenant=&limit=     Paginated audit trail
GET    /v1/tenants                  List tenants + stats
POST   /v1/tenants                  Provision new tenant
GET    /v1/policy/rules             Current egress ruleset
POST   /v1/policy/rules             Add egress rule
DELETE /v1/policy/rules/:id         Remove rule
PATCH  /v1/policy/controls/:key     Toggle security control
GET    /v1/metrics                  Prometheus-compatible metrics
```
| Layer | Technology |
|---|---|
| Frontend | Vanilla HTML/CSS/JS |
| Charts | Chart.js 4.4 |
| Fonts | Syne (display) + JetBrains Mono |
| Backend (spec) | Rust · Axum · Tokio |
| Virtualization | Firecracker VMM (KVM) |
| Networking | eBPF / iptables TAP egress |
| Storage | SQLite WAL (audit) + Redis (cache) |
| Observability | Prometheus + Vector / Fluentbit |
MIT © SandboxVM - Use it, fork it, build with it!
If you found SandboxVM useful, give it a ⭐ — it helps more developers find it.